what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

Files Date: 2011-09-19

WordPress Relocate Upload 0.14 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt

WordPress Relocate Upload plugin version 0.14 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 4bbe8fbb769a5b00cc395ace0a6db17412d3437d2bc1ff4f2c7211144d670b91
WordPress Mini Mail Dashboard Widget 1.36 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt

WordPress Mini Mail Dashboard Widget plugin version 1.36 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 22b8b46f36afaf271f47a324d98d3dfe771d22dbfd2307d2cabfd63b7bac9ea9
WordPress Zingiri Web Shop 2.2.0 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt

WordPress Zingiri Web Shop plugin version 2.2.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, web, code execution, file inclusion
SHA-256 | eb86823281e55aaf1a6c7deaa561f14cc74a0659373aae29549e9aa8cc507d5c
WordPress Mailing List 1.3.2 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt

WordPress Mailing List plugin version 1.3.2 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | c62dd24b059c91a378049c480428ca9765b7b65f1ace1718c81835ae8bc9a488
Ubuntu Security Notice USN-1209-2
Posted Sep 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1209-2 - It was discovered that Libav incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Libav incorrectly handled certain malformed AMV files. If a user were tricked into opening a crafted AMV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-1196, CVE-2011-1931, CVE-2011-3362
SHA-256 | 9621f95272d1d1ce829f24f5c28f2c8817f6ad5df4167d0c0cb9336fa27f9d7f
Ubuntu Security Notice USN-1209-1
Posted Sep 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1209-1 - It was discovered that FFmpeg incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 10.10. It was discovered that FFmpeg incorrectly handled certain malformed AMV files. If a user were tricked into opening a crafted AMV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 10.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-1196, CVE-2011-1931, CVE-2011-2161, CVE-2011-3362
SHA-256 | 9a25bee80cf1df7c81ece3ee62fc95b8e13a4030196ba5a3b6bf163c90a3cd58
Red Hat Security Advisory 2011-1317-01
Posted Sep 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1317-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user.

tags | advisory, remote, overflow, arbitrary, imap
systems | linux, redhat
advisories | CVE-2011-3208
SHA-256 | 08236021a1e725e1e06393ac59be1014c21fe6adaad53673952a5ba86038b8b1
HP Security Bulletin HPSBMU02705 SSRT100622
Posted Sep 19, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02705 SSRT100622 - A potential security vulnerability has been identified with HP Business Service Automation (BSA) Essentials. The vulnerability could be exploited remotely to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2011-2412
SHA-256 | 90e3828bcb44b7c50519574058d314b50a97f57da31d08d8a0158a9b5fac8ec4
Microsoft Office Excel Formula Record Heap Corruption
Posted Sep 19, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by a heap corruption error when processing malformed Formula records within an Excel document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a specially crafted XLS document.

tags | advisory
SHA-256 | fea05647dde36d6873e65a4a370929a4399740a72e46e76f9aa3a5901033bd1f
WordPress Plugin timthumb.php Shell Upload
Posted Sep 19, 2011
Authored by Ben Schmidt

Multiple WordPress plugins suffer from a remote shell upload vulnerability due to the reuse of the vulnerable timthumb.php library.

tags | exploit, remote, shell, php
SHA-256 | 321c3ad06b0f47075ec9eb1b1882d1392ead87ce0674e1dbfd83a2020fa2909d
Cisco TelePresence Cookie Theft / Impersonation / Code Execution
Posted Sep 19, 2011

Cisco TelePresensce Series suffers from client-side code execution, denial of service, cookie theft, loss of confidentiality, and impersonation vulnerabilities.

tags | exploit, denial of service, vulnerability, code execution
systems | cisco
advisories | CVE-2011-2544, CVE-2011-2543, CVE-2011-2577
SHA-256 | bc7f59652d2d33927b5be11b22f77d5545fd6efa01646d0cc73f14ea610a6d87
Debian Security Advisory 2305-1
Posted Sep 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2305-1 - Two security issue have been discovered that affect vsftpd, a lightweight, efficient FTP server written for security.

tags | advisory
systems | linux, debian
advisories | CVE-2011-0762, CVE-2011-2189
SHA-256 | d1013c9209e9503db4e32189f1ad82768a403b81814dbf62efc924b7a59799f6
WordPress TheCartPress 1.1.1 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt | Site spareclockcycles.org

WordPress TheCartPress plugin version 1.1.1 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 51de8edbe4033bacd0f4611cbca6a1140cd31164ab53aa95b893d748467e6ff8
WordPress AllWebMenus 1.1.3 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt | Site spareclockcycles.org

WordPress AllWebMenus plugin version 1.1.3 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | f5992b2e2ebf81baa29016bfe3528094294216f811d0fa8fbeaaaa77bd9ce35c
WordPress WPEasyStats 1.8 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt | Site spareclockcycles.org

WordPress WPEasyStats plugin version 1.8 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | d3f013a760a7b4563260188e45ab4a66c858aef58be11b3225d2ee692195009e
WordPress Annonces 1.2.0.0 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt | Site spareclockcycles.org

WordPress Annonces plugin version 1.2.0.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 2e4ae0c37dabeb183163b80fa8ef260ca92eb9b43ff547a9b25552e65bf84af8
WordPress Livesig 0.4 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt | Site spareclockcycles.org

WordPress Livesig plugin version 0.4 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 87c4823c00d785ca175170726e8c75d327a8c835b78969ac014324cd04befe8b
DaqFactory HMI NETB Request Overflow
Posted Sep 19, 2011
Authored by Luigi Auriemma, mr_me | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Azeotech's DaqFactory product. The specific vulnerability is triggered when sending a specially crafted 'NETB' request to port 20034. Exploitation of this vulnerability may take a few seconds due to the use of egghunter. This vulnerability was one of the 14 releases discovered by researcher Luigi Auriemma.

tags | exploit, overflow
advisories | CVE-2011-3492, OSVDB-75496
SHA-256 | f768d01949d1c55ca3bfc13b8651ff570985496cb1e98d04e3b557ddfbf40e5e
WordPress Disclosure Policy 1.0 Remote File Inclusion
Posted Sep 19, 2011
Authored by Ben Schmidt

WordPress Disclosure Policy plugin version 1.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 0883309d0035ccfbd29c2ac569cbe354ce45ea78f5c74ad7108f607655fd0d98
Stunnel SSL Wrapper 4.44
Posted Sep 19, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: Bugs in the new SNI and memory management code were fixed. Buffer overflow protection was implemented for heap allocations, and gcc buffer overflow protection was enabled for stack allocations.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
SHA-256 | fa0dfc33f323abfbc94aa993d90d37481cd2f652ee93ec2f8c333ac7a496c7b9
Vlock Session Locker 2.2.3
Posted Sep 19, 2011
Authored by Frank Benkstein

vlock is a program to lock one or more sessions on the Linux console. This is especially useful for Linux machines which have multiple users with access to the console. One user may lock his or her session(s) while still allowing other users to use the system on other virtual consoles. If desired, the entire console may be locked and virtual console switching disabled.

Changes: This release fixes vlock not reacting to input when started in the background from bash.
systems | linux, unix
SHA-256 | 85aa5aed1ae49351378a0bd527a013078f0f969372a63164b1944174ae1a5e39
Toko Lite CMS 1.5.2 HTTP Response Splitting
Posted Sep 19, 2011
Authored by LiquidWorm | Site zeroscience.mk

Toko Lite CMS version 1.5.2 suffers from a HTTP response splitting vulnerability. Input passed to the 'charSet' parameter in 'edit.php' is not properly sanitized before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user.

tags | exploit, web, arbitrary, php
SHA-256 | 0ece8e90a521dbb49857876275b2f7437dfe10ead5f178eb312f800e5e26394b
Toko Lite CMS 1.5.2 Cross Site Scripting
Posted Sep 19, 2011
Authored by LiquidWorm | Site zeroscience.mk

Toko Lite CMS version 15.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 1e375defb0b70ff576bb4ab30105128e41f023f56c06f5adc032a0786038ed7c
Aspgwy Access 1.0.0 Cross Site Scripting
Posted Sep 19, 2011
Authored by kurdish hackers team | Site kurdteam.org

Aspgwy Access version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 78db463e58965c529a5c4a6614d17333f3c19ce080b1a06db7603e8385da93ae
WordPress Filedownload 0.1 File Disclosure
Posted Sep 19, 2011
Authored by Septemb0x

WordPress Filedownload plugin version 0.1 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 7caf8797e03a291467364c0a1cd9e428d63613b9a7870a60ea2e99e43d1090f5
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close